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Integrated circuit for smart card with improved access control... 

. . .uses status monitors that deliver results to register that is 
monitored at each transaction to check for misuse of card 

. . .Abstract (Basic) : The integrated circuit has a microprocessor with 
program memory (12), non-volatile programmable memory (16), an 
input-output port (18), and a register (RS) storing signals from 
abnormality detectors (CI to C4 ) . This register is accessible by the 
microprocessor . The register state is verified immediately before each 
write or erase operation, and before each transmission of data from the 
input-output port. If verification indicates abnormal conditions, 
microprocessor operation is interrupted . 

. . .ADVANTAGE - Reduced risk of fraudulent use of smart cards . 

...Abstract (Equivalent): Integrated circuit with microprocessor , 

comprising a program memory (12), a programmable non-volatile memory 
(16), at least one input-out-put gate (18) for the connection of the 



circuit to the outside, safety pick-ups (CI to C4) to detect 
abnormal operating or environment conditions and a register (RS) 
accessible by the microprocessor and capable of memorising an item 
of information on the state of the pickups, characterised by the fact 
that. . . 

the state of the register immediately before each writing or erasing 
operation of the programmable memory and immediately before each 
transmission of data to the outside via the input-output gate, and 
means for interrupting the operation of the microprocessor if a 
verification of the state of the register brings abnormal conditions to 
light 

Abstract (Equivalent): An integrated circuit comprising... 

a first memory means for storing application programs... 

a second memory means which is programmable and non-volatile, for 
storing data . . . 

a plurality of means for continually sensing ambient conditions or 
electrical conditions of the integrated circuit which fall outside 
a normal operating range... 

register means for storing sensing information from the sensing 
means indicative of said ambient conditions or said electrical 
conditions of the integrated circuit which fall outside said normal 
operating range. . . 

a microprocessor means connected to said first and second memory 
means, said I/O port means, and said register means... 

said first memory means storing test subroutines for causing said 
microprocessor means to detect the presence or absence of said 
sensing information in said register means only in response to 
requests for the execution of one... 

a) writing data to said second memory means... 

b) clearing data from said second memory means; or. . . 

c) transmission of data from said second memory means, through the I/O 
port . . . 

the microprocessor means being interrupted if said sensing 

information is found to be present in said register means... 
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[57] ABSTRACT 

The invention relates to integrated circuits and, notably, to 
circuits for which it is desired to provide security against any 
fraudulent usage. The circuits concerned are microprocessor 
circuits having a program memory, a programmable non- 
volatile memory, at least one input/output port and an RS 
register memorizing the signals from sensors of abnormal 
conditions. This register is accessible by the microprocessor. 
There is provision for means to check the state of the register 
immediately before any operation for the writing or erasure 
of the programmable memory, and immediately before any 
transmission of data towards the exterior of the input/output 
port, and means to interrupt the working of the micropro- 
cessor if the check reveals abnormal conditions. 



2 Claims, 1 Drawing Sheet 
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that can be carried out by the microprocessor; 

a working random-access memory (RAM) 14; 

a non-volatile electrically programmable memory 
(EPROM) 16 and, preferably, one that is also electri- 
cally erasable (EEPROM). This memory may include 5 
data and possibly instructions for the microprocessor. It 
may include, notably, data elements the contents of 
which should not be touched and confidential data 
which should not be transmitted to the exterior of the 
circuit; 10 

input/output ports 18 making it possible, notably, to 
transmit information on external connection pins I/O of 
the integrated circuit (the transmission will generally be 
done serially to minimize the number of pins of the 
circuit, at least in chip card applications). 15 

Furthermore, the microprocessor is directly connected to 
registers, the contents of which it can read and which it can 
reset at zero. 

Among these registers, there is an RS register, the inputs 
of which are connected to various security sensors (CI, C2, 
C3, C4 for example) such as those mentioned here above. 

As has been explained, these sensors are designed to 
check the environmental conditions and the conditions of 
operation of the circuit in order to prevent fraudulent opera- 
tions that would become possible if these conditions were to 
become abnormal. Examples of sensors have been given 25 
here above. 

This RS register will be tested according to the invention 
whenever the program of application of the card (in a ROM 
or EEPROM memory) involves an operation for the trans- 
mission of information to the exterior (by the I/O contact) 30 
and also whenever the program involves an operation to 
modify the contents of the non-volatile memory 16. 

These operations are controlled by the microprocessor, by 
means of sub-programs stored in the read-only memory 
ROM 12 which manages the entire operation of the card. 35 
The organization of the read-only memory 12 is represented 
symbolically in FIG. 2. 

The memory is addressed sequentially, in such a way that 
the instructions memorized at successive addresses are car- 
ried out successively, except for successive instructions for 
skipping to a different location of the memory. 40 

A starting zone of the memory Z0 contains, for example, 
an initialization program enabling the microprocessor to 
carry out preliminary operations after the system is turned 
on (these preliminary operations include, notably, the zero- 
setting of the RS register). Preferably, an operation to test the 45 
RS register is carried out at the end of the initialization 
program. At this stage, the conditions of environment and 
operation of the circuit would indeed have to be normal in 
order that the circuit may be permitted to function. If the test 
is positive (with the RS register at zero and no detection of 50 
abnormal conditions), then the operation of the integrated 
circuit continues. If the test is negative (if the register 
contains a bit relating to the detection of an abnormal 
condition), then an instruction of routing towards a zone ZF 
of the ROM is carried out In this zone ZF, there is placed 55 
an instruction or routine placing the microprocessor on 
standby, and the microprocessor cannot leave this standby 
state except by reinitialization (for example by being dis- 
connected and turned on again). 

Other zones of the program memory 12 are used to carry 
out various operations. The microprocessor may obtain 60 
access to the first address of each of these zones when it 
receives a command to carry out a certain operation. The 
zone then contains the series of instructions necessary for 
the performance of this operation. It is, for example, an 
application program placed in the EEPROM 16, a program 65 
that can be carried out by the microprocessor, which calls up 
sub-programs placed in the zones of the read-only memory 
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12 when it has need of them. 

Among the possible operations, there is the transmission, 
to the exterior, of an n-bit word (for example an 8-bit byte) 
through the input/output port 18. This operation is carried 
out by means of a sub-program contained in a zone Zl of the 
ROM. This sub-program is called upon whenever a word has 
to be transmitted. 

Another operation carried out by a sub-program is the 
operation for writing a word or a bit in the non- volatile 
programmable memory 16. The corresponding instructions 
form a sub-program placed in a zone Z2 of the read-only 
memory. In the same way, an operation for the erasure of all 
or part of the programmable memory 16 is carried out by a 
sub-program placed in a zone Z3 of the read-only memory 
12. 

According to the invention, it is provided that the first 
instructions of the zones Zl, Z2 and Z3 will be instructions 
for checking the state of the RS register, this register being 
directly accessible in reading mode by the microprocessor. 
If the result is positive (with normal conditions being 
detected by the sensors CI to C4), the sub-program of the 
zone Zl, Z2 or Z3 respectively is carried out and the 
corresponding operation (transmission, writing or erasure 
respectively) is performed. If not, a routing instruction 
towards the zone ZF is carried out and the microprocessor is 
placed on definitive standby. 

Given the fact that the instructions needed for the check- 
ing of the register occupy only some tens of bytes, placed at 
the start of two or three zones of sub-programs at a maxi- 
mum, it is seen that the amount of ROM used to provide 
excellent security is not excessive. This is important, for the 
available ROM space is limited and should be reserved for 
numerous other essential operations for the management of 
the working of the microprocessor. 

What is claimed is: 

1. An integrated circuit comprising: 

a first memory means for storing application programs; 
a second memory means which is programmable and 

non-volatile, for storing data; 
at least one I/O port means; 

a plurality of means for continually sensing ambient 
conditions or electrical conditions of the integrated 
circuit which fall outside a normal operating range; 

register means for storing sensing information from the 
sensing means indicative of said ambient conditions or 
said electrical conditions of the integrated circuit which 
fall outside said normal operating range; 

a microprocessor means connected to said first and second 
memory means, said I/O port means, and said register 
means; 

said first memory means storing test subroutines for 
causing said microprocessor means to detect the pres- 
ence or absence of said sensing information in said 
register means only in response to requests for the 
execution of one or more of said subroutines in the set 
consisting of; 

(a) writing data to said second memory means; 

(b) clearing data from said second memory means; or 

(c) transmission of data from said second memory 
means, through the I/O port; 

the microprocessor means being interrupted if said sens- 
ing information is found to be present in said register 
means. 

2. An integrated circuit as set forth in claim 1 wherein 
interruption of the microprocessor means causes the micro- 
processor means to remain in a standby mode until reini- 
tialized. 

* * * * * 
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Tamper proof integrated circuit for smart card , electronic 
keys, includes XOR gate that produces reset signal whose state is changed 
when change occurs in pseudo random bit signal of random noise 
generator 

Abstract (Basic) : 

A random noise generator (1) has an output to provide pseudo 
random bit signal and another output to provide related signal. The 
circuit paths (2,3) are connected to the corresponding outputs of 
random noise generator . An XOR gate (4) which interconnects the 
circuit paths , produces a reset signal whose state is changed when 
change occurs in the bit signal. 

An INDEPENDENT CLAIM is also included for integrated circuit 
tamper detection method. . . 

. . . Integrated circuit (IC) with tamper detection circuit for use in 
smart card , authentication chips, electronic keys, cryptographic 
equipment. Also used in inkjet printer for in-camera digital... 

...The tampering in the integrated circuits is restricted to recover 
or deduce the key for incorporating security circuits by testing the 
tampering in integrated circuits using XOR gate. The direct access 
of top and front sides of the IC is... 

. . .The figure shows the tampered detection circuit. . . 

. . . Random noise generator (1. . . 



... Circuit paths (2,3 
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(57) ABSTRACT 

A method of detecting tampering with an integrated circuit 
using circuit paths extending in the integrated circuit and 
carrying signals which are compared to each other, and to 
thresholds, and providing an output signal in the event that 
predetermined signal conditions occur. The predetermined 
signal conditions which occur may be a change of state of an 
output of a gate which interconnects the two circuit paths, or 
a change of state of the output of testing circuitry which tests 
signals in at least one of the circuit paths against a threshold. 
In a further aspect the invention concerns an integrated 
circuit chip provided with tamper detecting circuitry. 

9 Claims, 5 Drawing Sheets 
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We claim: 

1. An integrated circuit including tamper detecting 
circuitry, comprising: a random noise generator having a 
first output to provide a first signal comprising a series of 
pseudo random bits, and a second output to provide a second 
signal which is related to the first signal, a first circuit path 
attached to the first output of the random noise generator, 
and a second circuit path attached to the second output of the 
random noise generator and at least one gate interconnecting 
the first and second circuit paths to produce a reset output 
signal which changes state if tampering causes a change to 
any bit of the signals in the first and second circuit paths. 

2. An integrated circuit according to claim 1 where test 
circuitry is connected to the first and second circuit paths to 
test the signals in the paths and provide an output if the 
signals fall outside a predetermined range. 

3. An integrated circuit according to claim 1 where the 
first and second circuit paths extend through the integrated 
circuit over the top of circuitry comprising the random noise 
generator. 

4. An integrated circuit according to claim 1 where the 
second signal is an inverted version of the first signal, and 
the gate is an exclusive OR gate. 

5. A method for detecting tampering with an integrated 
circuit, comprising the following steps: 

providing a random noise generator having a first output 
to provide a first signal and a second output to provide 



a second signal, a first circuit path attached to the first 
output of the random noise generator, and a second 
circuit path attached to the second output of the random 
noise generator and at least one gate interconnecting 
the first and second circuit paths; 

generating a series of pseudo random bits in the random 
noise generator to create a first output string of pseudo 
random bits at the first output and a second output 
string of pseudo random bits, related to the first, at the 
second output; 

testing the output of the gate to determine whether there 
is a change of state. 

6. A method according to claim 5, comprising the further 
step of resetting the integrated circuit in the event of a 
change of state of the output of the gate. 

7. A method according to claim 5, comprising the further 
step of erasing secret key information in the event of a 
change of status of the gate. 

8. A method according to claim 5, comprising the further 
step of testing the first and second circuit paths to test the 
signals in the paths and provide an output if the signals fall 
outside a predetermined range. 

9. A method according to claim 5, where the second signal 
is an inverted version of the first signal, and the gate is an 
exclusive OR gate. 

* * * * * 
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Increasing protection for smart card carrying memory 

. . .Abstract (Basic) : The protection is applied to cards carrying memory 

and also a microcircuit having memory coupled to the data processing 

element. When the processor is activated by an external data signal 
it emits a ratification signal after a randomly. . . 

...After data entry (1) a random number is generated (2) and used to 
set a time counter (3). At the end of the count... 

. . .Abstract (Equivalent) : A method to increase the protection of a 

microcircuit-based memory card comprising at least one memory (13, 
14) coupled to a data- processing element (15) wherein, said data- 
processing element receiving a command by a data signal external to 
the card and emitting in... 

. . .Abstract (Equivalent) : A memory card, said memory card comprising. . . 



.a bus, said bus permitting communication between an external device and 
said memory card. . . 



a first memory , said first memory being coupled to said bus, and 
said first memory having an application program stored therein... 

a second memory , said second memory being coupled to said bus . . . 

a circuit for generating a random delay value, said circuit being 
coupled to said bus; and. . . 

a processing element, said processing element being coupled to said 
bus, and said processing element defining means... 

for transmitting data via said bus to said second memory for 
storage therein. . . 

for delaying transmission of an end-of -control signal from said memory 
card to said external device by an amount of time proportional to said 
random delay. . . 
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[57] ABSTRACT 

The method is designed to increase the protection of a 
microcircuit-based memory card comprising at least one 
memory coupled to a data-processing element. When said 
data-processing element receives a command by a data 
signal external to the card, said method consists in making 
said data-processing element emit a ratification signal at an 
instant that is deferred, with respect to the instant at which 
its emission was prompted by the data signal, by a duration 
that is randomly variable in time. The disclosed method can 
be applied to microcircuit-based memory cards. 
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of the memory card. At steps 2 and 3 respectively, a random 
number A is drawn and pulses given continuously by a fixed 
clock (not shown) are counted in known way. Simulta- 
neously, a program corresponding to the data and/or to the 
corresponding command is launched at step 4 to carry out 
operations for writing, reading the memory of the card 
and/or for example computing a signature. At the end of the 
execution of these instructions, the program emits an end- 
of-control signal or acknowledgment signal at step 5. At step 
6, a comparison is made between the random number drawn 
at step 2 and the count made at step 3. When the number 
indicated by the count at step 3 is equal to the random 
number obtained at step 6, the end-of-control signal emitted 
at step 5 is validated at step 7. Then, at step 8, this signal is 
sent out of the card into a card reading/writing device (not 
shown). In this way, as can be seen in the diagram of FIG. 
2, whenever a data element or command is sent to the card, 
the card can emit an end-of-control or acknowledgment 
signal CR acknowledging receipt of the data and commands 
that it has received after a period of time T. The duration of 
this time T, which is always random, can never provide 
information on the particular type of function that the card 
has been made to perform. 

Naturally, the mode of execution of the method just 
described is not the only possible one, and other variants are 
possible by modifying, for example, the order or the content 25 
of steps 1 to 8, as can be seen in FIG. 3 where elements 
homologous to those of FIG. 1 are shown with the same 
references. In FIG. 3, the drawing of the random number A 
takes place at the step 2, not as in FIG. 1 as soon as the 
execution of the data input step 1 has ended but during or at 
the end of execution of the control program at step 4. 
Furthermore, the initialization of the counting at step 3 takes 
place not as soon as the execution of step 1 has ended but 
when the random number A has been drawn at the step 2. As 
in FIG. 1, incrementation of the counting at step 3 takes 
place for as long as the counting at step 6 has not reached the 
value of the random number A. 

An embodiment of a circuit 19 for the implementation of 
the above method and its interconnection with the elements 
fonning a memory card are shown in FIG. 4. The circuit 19 
has a random code generator shown within a box of dashed 
lines 10. The parallel outputs of the generator 10 are 
connected to the parallel inputs of a buffer register 11. In the 
example of FIG. 4, the random code generator has, in a 
known way, a shift register 12 with outputs looped to inputs 
through exclusive-OR circuits 130, 140. 

The connection of the circuit 19 to the other elements 
which, in a standard way, form a memory card, is done by 
means of the data bus 13 of these cards which connect RAM 
type memories 14 and ROM or EPROM type memories 15 
to their processing unit 16. The connection to the data bus 13 
takes place through the outputs of the buffer register 11. 

To execute the method according to the invention, the 
shift register 12 is preferably controlled at the rate of a clock 
signal CK which is different from the clock signal used to 
determine the processing cycles of the processing unit 16. 
When, as shown in FIG. 3, the processing unit 16 carries out 
the control program 4 to draw the random number A, a 
reading signal UT of the processing unit 16 is applied to a $ 0 
control input of the buffer register 11 to hold the drawn 
random number A in the register and provide for its transfer 
to the bus 13. It must be noted that, according to this 
approach, the clock signal CK may be made variable, 
notably as a function of the temperature and of the supply 
voltages of the card so as to also have a random character. 

Naturally, the embodiment of the circuit 19 that has just 
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been described is not the only possible one. If necessary, a 
purely logic type embodiment may be preferred, with the 
implementation of a logic exclusive-OR function XOR as 
represented schematically in FIG. 5 by an equivalent exclu- 
sive OR gate 19. The output of the exclusive OR gate is 
looped to a first input, and the second input receives for 
example the value of the data transmitted to the card, all or 
a part of the data and instructions contained in the RAM 14, 
and the contents of all or a part of the ROM 15. 

It must be noted that, in the cases of use of EPROM type 
non-volatile data memories, the above-described mecha- 
nisms for the generation of random numbers should be put 
into operation before any operation for the writing or erasure 
of these memories, for the fact of writing in these memories 
may cause variation in the voltage and/or the intensity of the 
supply current in a manner that is sufficiently significant to 
provide references for time measurements. 

What is claimed is: 

1. A memory card, said memory card comprising: 

a bus, said bus permitting corrimunication between an 
external device and said memory card; 

a first memory, said first memory being coupled to said 
bus, and said first memory having an application pro- 
gram stored therein; 

a second memory, said second memory being coupled to 
said bus; 

a circuit for generating a random delay value, said circuit 
being coupled to said bus; and 

a processing element, said processing element being 
coupled to said bus, and said processing element defin- 
ing means 

for receiving instructions from said application program 
via said bus, 

for executing said application program instructions, 
for transmitting data via said bus to said second memory 

for storage therein, 
for receiving said random delay value via said bus, and 
for delaying transmission of an end-of-control signal from 
said memory card to said external device by an amount 
of time proportional to said random delay value. 

2. The memory card as in claim 1, wherein said random 
number circuit further comprises: 

a random code generator, said random code generator 
including 

a shift register, said shift register having inputs and 
outputs, and said shift register being controlled by a 
clock signal, and 

a plurality of exclusive-OR circuits, said exclusive-OR 
circuits connecting said outputs of said shift register 
to said inputs of said shift register, and 
a buffer register, said buffer register connecting said 

random code generator to said bus. 

3. The memory card as in claim 1, wherein said first 
memory is read only memory and wherein said second 
memory is random access memory. 

4. The memory card as in claim 1, wherein said first 
memory is volatile memory, and wherein said second 
memory is nonvolatile memory. 

5. A method to increase the security of a micro-circuit 
based chip card having a memory, and a data processing 
element receiving a data signal command from an external 
device, the method comprising the steps of: 

generating a random delay value following receipt of said 
data signal command; 

triggering a delay count to initiate a time interval; 
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generating an end-of-control signal; 
incrementing said delay count; 
comparing said random delay value to said delay count; 
and 

transmitting said end-of-control signal when said delay 
count is equal to said random delay value. 

6. The method set forth in claim 5 wherein the randomly 
generated value is generated by random code generation. 

7. The method as in claim 5, wherein said triggering step 



occurs after said data processing element receives said data 
signal command from said external device, and wherein said 
triggering step occurs before said generating step. 

8. The method as in claim 5, wherein said triggering step 
occurs after said generating step and before said increment- 
ing step. 
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Integrated circuit card for memory card. . . 

. . .has switch connecting power supply lines based on detection result of 
voltage detector and connecting host power supply line to main circuit 
supply line when absolute value of . . . 

. . .Abstract (Basic) : The IC card comprises a main circuit, a connector 
for connecting the IC card to a host system and an interface 
circuit between the connector and the main circuit. The interface 
circuit comprises an external interface circuit for connecting the... 

...interface circuit is connected to a power supply line of the main 

circuit. A voltage detecting device for detects a voltage of the 
host system power supply line... 

. . .A switching device for selectively connects and disconnects the host 
system power supply line and the main circuit power supply line based 
on a detection result of the voltage detection device. The 
switching device connects the host system power supply line to the main 
circuit . . . 



...supply line is less than an absolute value of a prescribed voltage. The 
switching device disconnects the host power supply line from the main 
circuit power supply line when the absolute... 

...USE/ADVANTAGE - For SRAM, DRAM, mask ROM , EPROM , OTPROM, EPROM and 
flash EE PROM cards. Has one-chip configuration. Reduces power 
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[57] 



ABSTRACT 



An objective of the present invention is to provide a highly 
reliable IC card which is large in the scale of integration, 
fast, and low power-consuming, which contains the latest 
type of IC that has an operating voltage of 3.3 V and a 
maximum rated voltage of 5 V or less, and which can be 
used in either the latest equipment rated at 3.3 V or existing 
equipment rated at 5 V, or which does not cause this latest 
type of IC to be destroyed. The interface circuit comprises 
an analog switch, an external interface circuit, an interval 
interface circuit, and a high- voltage detection circuit. If the 
voltage of the power supply Vcc of the host system is less 
than or equal to an upper-limit voltage of 4 V, the power 
supply voltage is applied unchanged through the analog 
switch to a ROM that is the main circuit. On the other hand, 
if the power supply voltage is greater than this upper-limit 
voltage of 4 V, the analog switch is made non-conductive 
and thus the power supply voltage is not applied to the 
ROM. This prevents the ROM from being destroyed. If a 
regulated- voltage circuit is also provided, a power supply 
voltage regulated at 3.3 V can be applied to the ROM, even 
when the power supply voltage of host system is greater than 
the upper-limit voltage of 4 V. 
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. . . controls to stop transfer of information and to maintain information 
in memory , when lock releasing condition is detected by lock 
detector 

...Abstract (Basic): NOVELTY - A control unit controls transfer of 

information on an IC card (1) to a memory , when lock condition of 
a door (5) is detected by a lock detector (17) . The control unit 
controls to stop transfer of information and to maintain information 
in the memory , when lock releasing condition is detected . DETAILED 
DESCRIPTION - A card mounting stand (4) has the door (5), a connector 
and the card detector . The connector is connected with a contact of 
an IC card (1), when the card is inserted in the stand and the door 
is closed. A. . . 

...is seeped into a long hole of the door, for locking the door. A lock 
detector (17) detects lock condition of the door. . . 

...USE - For controlling information transfer between integrated circuit 
card and personal computer. . . 

...of card, reliably. DESCRIPTION OF DRAWING (S ) - The figure depicts the 
perspective view of information processor . (1) IC card ; (4) Card 
mounting stand;. (5) Door; (13) Lock; (14) Lever; (17) Lock detector . 
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Abstract of J P1 1144005 

PROBLEM TO BE SOLVED: To protect 
information if a door is to be opened by 
mistake during the transfer of the information 
to a card type storage medium. SOLUTION: 



When the card type storage medium 1 is 
inserted into a medium loading part 4 and the 
door 5 is closed, the loading of the card type 
storage medium 1 is detected and when a lock 
13 is rotated with a key, a rotary lever 14 
enters a long hole 1 6 bored in the door 5 
together with the lock 13; and a lock detecting 
means 17 detects the locked state of the door 
5 once the door 5 is locked. In this state, the 
transmission and reception of information to 
and from the card type storage medium 1 are 
made possible and when the signal of the lock 
detecting means 17 changes from the locked 
state to an unlocked state, a control part 
performs control so that the transmission and 
reception of the information are quit and the 
information is held in a memory. 
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processing device for memory circuit. . . 
status of connections of card with conductor with external 



. . .Abstract (Basic) : The IC card processing device has a conductor 

(5) connecting card (3) to the required terminal. External terminal (4) 
in touch with a contact terminal when electrical connection is 
being routed to the card. A control circuit (51) monitors the 
communication between the contact terminal and a receiver (45), when 
radio wave signals from a clock signal source (CL1) to pass to the 
conductor . 



...card which has been inserted into the accommodating unit, an electrical 
signal is sent to detection circuit (4 6) in the control circuit. A 
switch (44) is actuated during detection and remains open until the 
detection is completed. The signal status being judged by the 
detection circuit provides information on the instructed card position 

. . .Abstract (Equivalent) : An IC card processing apparatus comprising 

...an insertion port for receiving an IC card having an external 
terminal . . . 

...an IC card storage unit for storing said IC card inserted from 
said insertion port... 

...a contact terminal to be brought into contact with said external 
terminal of said IC card inserted from said insertion port... 

. . . detection means for detecting that said IC card is inserted from 
said insertion port to a predetermined position of said IC card 
storage unit . . . 



.an information processing circuit for exchanging information with said 
external terminal through said contact terminal; and. . . 



wrong card detection means, having a terminal capable of being brought 
into contact with said contact terminal, for detecting that a wrong 
card including a conductive line extending from said terminal is 
inserted from. . . 

said wrong card detection means comprising. . . 

a) switch means, arranged near said contact terminal, for disconnecting 
a connection between said contact terminal and said information 

processing circuit in response to a detection signal from said 
detecting means. . . 

b) a reception circuit for detecting an electric field strength 
appearing at said contact terminal when the connection between said 
contact terminal and said information processing circuit is 
disconnected by said switch means . . . 

c) a determination circuit for receiving an output from said reception 
circuit to check whether the electric field strength exceeds a 
predetermined value; and. . . 

determination circuit is completed, said switch means to connect said 

contact terminal to said information processing circuit 
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[57] ABSTRACT 

In order to enable a processing circuit to certainly detect 
insertion of a wrong card having a conductive line without 
using a plate member or a coil regulating the shape of a card 
storage unit, when the wrong card having the conductive line 
is inserted from a card insertion port, formed in one surface 
of a housing, into the card storage unit in the housing, and 
the external terminal of the card is brought into contact with 
a contact terminal, a radio wave radiated into the housing is 
induced to the conductive line. A reception circuit connected 
to the contact terminal receives, of signals appearing at the 
conductive line, a radio wave signal radiated from a clock 
signal source in a communication control unit located at a 
position spaced apart from the card storage unit and supplies 
the detection output of the radio wave signal to a determi- 
nation circuit. The determination circuit determines inser- 
tion of the wrong card having the conductive line on the 
basis of the detection output. During this determination 
operation, a switch element is set in an open state, and the 
contact terminal is disconnected from the processing circuit, 
so that the voltage induced to the conductive line of the 
wrong card and the voltage induced to the external terminal 
of a proper card can be taken a sufficient value to determine 
the difference therebetween. 

12 Claims, 6 Drawing Sheets 
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connecting the input/output terminals of an inverter 60a to 
each other by a quartz oscillator 60b and connecting capaci- 
tors 60c and 6Qd to both the terminals of the quartz oscillator 
60&, a radio wave having the frequency F and output from 
the clock signal source 60 is strongly radiated. For this 5 
reason, the level of a signal input to the reception circuit 45 
increases, and the presence/absence of the conductive line of 
the card can be determined at a high S/N ratio. 

According to the above embodiment, in order to receive 
a very weak radio wave, the superheterodyne reception 10 
circuit 45 is used. However, if strong radio waves are 
radiated from high-frequency signal sources, a reception 
circuit can be constituted by only a filter and a detector, or 
an amplifier in addition to the filter and the detector. In this 15 
case, the amplifier may be connected to the input terminal of 
the filter or between the filter and the detector. In addition, 
in an apparatus which includes only one high-frequency 
signal source, a filter can be omitted. 

In the embodiment, although the determination circuit 46 20 
is arranged in the communication control unit 51 separated 
from the mechanism unit 21, the determination circuit 46 
may be arranged on the circuit board 40 on the mechanism 
unit 21 side. 

In the embodiment, although the switch elements 44bl to 25 
44b8 of the relay 44 are used as switch elements, a semi- 
conductor switch (e.g., an analog switch, a gate switch, or a 
photocoupler) or a filter circuit capable of perforrning signal 
separation for a high-frequency signal may be used in place 
of the relay 44. 30 

In the embodiment, although an output from the reception 
circuit 45 is used only to detect the conductive line of a 
wrong card, it may be checked on the basis of this reception 
output whether the detection circuit is entirely normally 35 
operated. 

In the embodiment, a manual insertion type IC card 
processing apparatus has been described. However, the 
present invention can be similarly applied to a card process- 
ing apparatus in which an IC card inserted from a card 40 
insertion port is completely received into a card storage unit. 

As described above, in an IC card processing apparatus 
according to the present invention, a radio wave radiated 
from a high-frequency signal source of an electronic circuit 
located at a position separated from a card storage unit is 45 
induced to the conductive line of a wrong card received into 
the card storage unit, and a signal appearing at a contact 
terminal which is in contact with an external terminal of the 
card connected to the conductive line is received, thereby 
determining, on the basis of the reception output, that the 50 
inserted card is a wrong card. 

As described above, according to the present invention, 
since the conductive line of a wrong card is used as reception 
antenna for receiving a radio wave radiated into the housing, 
the diameter and the position of the conductive line rarely 55 
affect a reception output, and the wrong card can be certainly 
detected. 

According to the present invention, unlike the prior art, a 
conductive plate for capacitively coupling the conductive 
line of a wrong card, a plate for emitting an electromagnetic 60 
wave, and the like need not be arranged between the card 
insertion port and the contact terminals. For this reason, the 
shape of the card storage unit is not limited, and a large 
opening can be formed in the lower surface of the card 
storage unit, thereby preventing a card jam caused by 65 
insertion of a card cut shorter than a proper card, a piece of 
paper, or the like. 



10 

Additional embodiments of the present invention will be 
apparent to those skilled in the art from consideration of the 
specification and practice of the present invention disclosed 
herein. It is intended that the specification and examples be 
considered as exemplary only, with the true scope of the 
present invention being indicated by following claims. 

What is claimed is: 

1. An IC card processing apparatus comprising: 

an insertion port for receiving an IC card having an 

external terminal; 
an IC card storage unit for storing said IC card inserted 

from said insertion port; 
a contact terminal to be brought into contact with said 

external terminal of said IC card inserted from said 

insertion port; 

detection means for detecting that said IC card is inserted 
from said insertion port to a predetermined position of 
said IC card storage unit; 

an information processing circuit for exchanging infor- 
mation with said external terminal through said contact 
terminal; and 

wrong card detection means, having a terminal capable of 
being brought into contact with said contact terminal, 
for detecting that a wrong card including a conductive 
line extending from said terminal is inserted from said 
insertion port, 

said wrong card detection means comprising: 

a) switch means, arranged near said contact terminal, 
for disconnecting a connection between said contact 
terminal and said information processing circuit in 
response to a detection signal from said detecting 
means; 

b) a reception circuit for detecting an electric field 
strength appearing at said contact terminal when the 
connection between said contact terminal and said 
information processing circuit is disconnected by 
said switch means; 

c) a determination circuit for receiving an output from 
said reception circuit to check whether the electric 
field strength exceeds a predetermined value; and 

d) switch control means for switching, when the deter- 
mination of said determination circuit is completed, 
said switch means to connect said contact terminal to 
said information processing circuit. 

2. An apparatus according to claim 1, wherein said switch 
means includes a relay contact. 

3. An apparatus according to claim 1, wherein the electric 
field includes a high-frequency component leaking and 
radiated from a specific clock signal source used in said 
information processing circuit. 

4. An apparatus according to claim 1, wherein a large 
opening is formed in a lower surface of said IC card storage 
unit to cause the IC card storage unit to drop a card cut 
shorter than a proper IC card, dust, and the like downward. 

5. An apparatus according to claim 3, wherein said 
reception circuit includes a superheterodyne reception cir- 
cuit for detecting that a high-frequency component radiated 
from said specific clock signal source appears at said con- 
nection terminal. 

6. An apparatus according to claim 1, wherein said contact 
terminal is connected to said reception circuit with a shortest 
distance. 

7. An apparatus according to claim 1, wherein, when said 
contact terminal comprises a plurality of contact terminals, 
said switch means includes a plurality of switches for 
respectively disconnecting connections between said plural- 
ity of contact terminals and said information processing 
circuit. 
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8. An apparatus according to claim 1, wherein said 
determination circuit uses a reference voltage which is 
preset to be higher than an output, obtained from said 
reception circuit when a proper card is inserted, by a voltage 
corresponding to a predetermined margin and to be lower 5 
than an output obtained from said reception circuit when a 
conductive line having a predetermined length is connected 
to said contact terminal. 

9. An apparatus according to claim 1, further comprising: 
power supply control means for supplying power to said 10 

reception circuit in response to a detection signal from 
said detection means and stopping power supply to said 
reception circuit in response to a determination comple- 
tion of said determination circuit. 



12 

10. An apparatus according to claim 1, wherein said 
apparatus is accommodated in a housing shielded electro- 
magnetically. 

11. An apparatus according to claim 10, further compris- 
ing: * 

radio wave radiation means including a dedicated clock 
signal source to the electric field and an antenna for 
radiating a radio wave from said dedicated clock signal 
source into said housing. 

12. An apparatus according to claim 1, wherein said IC 
card includes a prepaid IC memory card which stores call 
rate information for a public telephone set. 

***** 
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1-0 control circuit for integrated circuit card with one-time PROM 
ICs. . . 



. . . includes selection circuit to detect PROM power supply voltage and 
select one of read or write data bus buffers, both connected between 
PROM ICs and data bus , with either 5V read or 12-12. 5V program 
supply voltage, respectively 

...Abstract (Basic): The IC card input-output control circuit has a 

read data bus buffer (35) connected between the one-time PROM ICs 
(21) and a data bus (29) and a write data bus buffer (36) 
connected between the PROM ICs and the data bus . Selection 
circuitry (37) detects the power supply voltage supplied to the PROM 

ICs and selects either the read or write data bus buffer 
accordingly. . . 

...a Zener diode and resistance series connected between a power supply 

voltage line to the PROM IC and ground. One of the PROM ICs in the 
IC card is selected by an address decoder in response to an address 
signal . . . 

. . .ADVANTAGE - Increased resistance to static electricity; IC card 

electrical characteristics esp. output terminal capacity independent of 
number of PROMs mounted on card. . . 

...Abstract (Equivalent): an input/output circuit for a I.e. card which is 
provided with a PRIM integrated circuit , programmable only once... 

...Abstract (Equivalent): An input/output control circuit for an IC card 
equipped with one-time PROMICs, comprising... 



a read data bus buffer connected between said one-time PROMICs and a 
data bus : 



a write data bus buffer connected between said one-time PROMICs and 
the said data bus ; and. . . 

power supply voltage supplied to said one-time PROMICs and selecting one 
of said read data bus buffer and said write data bus buffer on 
the basis of the detected power supply voltage 

Abstract (Equivalent) : The input/output control circuit for an IC 
card equipped with one-time programmable read only memory 
integrated circuits ( PROM -ICs) includes a read data bus buffer 
connected between the one-time PROM -ICs and a data busO . A write 
data bus buffer is connected between the one time PROM -ICs and the 
data bus . 



A selection device detects the power supply voltage supplied to the 
one-time PROM -ICs and selects one of the read data bus buffer and 
the write data bus buffer in response to the detected power 
supply voltage. . . 

ADVANTAGE - input /output control circuit improves ability of IC card 
to withstand electrostatic discharge and prevents electrical 
characteristics of IC card from changing with change in number of 
one-time PROM -ICs mounted on it 

Title Terms: PROM ; 
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[57] ABSTRACT 

An input/output control circuit for an IC card equipped 
with one-time programmable read only memory inte- 
grated circuits (PROM-ICs) includes a read data bus 
buffer connected between the one-time PROM-ICs and 
a data bus; a write data bus buffer connected between 
the one time PROM-ICs and the data bus; and a selec- 
tion device for detecting the power supply voltage 
supplied to the one-time PROM-ICs and selecting one 
of the read data bus buffer and the write data bus buffer 
in response to the detected power supply voltage. The 
input/output control circuit improves the ability of the 
IC card to withstand electrostatic discharge and pre- 
vents the electrical characteristics of an IC card from 
changing with a change in the number of one-time 
PROM-ICs mounted thereon. 

6 Claims, 3 Drawing Sheets 



25 



28 



26 



23- 



30 



51 



ADDRESS 
DECODER 



s 



ADDRESS 
BUFFER 



CONTROL 
SIGNAL 

CONTROL 
CIRCUIT 



22 



21- 



27 



...CL, 

CE 


o 

CE 




Vpp 




GND 


PGM 


PGM 


<OE 


45 



32 



V 



24 



READ 
i-| DATA 
BUFFER 



.34 



k 

35 



WRITE 
DATA 
BUFFER 



29 



■st 



36 



V 



40 




11/30/2005, EAST Version: 2.0.1.4 



36/3, K/53 (Item 53 from file: 350) 

DIALOG (R) File 350:Derwent WPIX 

(c) 2005 Thomson Derwent . All rts. reserv. 

011099017 **Image available** 

WPI Acc No: 1997-076942/199707 

XRPX Acc No: N97-063911 

Circuit for detecting completed connection of integrated circuit 
card i.e. PCMCIA type card to terminal - includes power supply ramping 
circuit which prevents voltage spikes during card insertion/extraction 
and supply power detection circuit for receiving card 
insertion/extraction signals 

Patent Assignee: FISET P D (FISE-I) 

Inventor: FISET P D 

Number of Countries: 001 Number of Patents: 001 
Patent Family: 

Patent No Kind Date Applicat No Kind Date Week 

US 5589719 A 19961231 US 95401778 A 19950310 199707 B 

Priority Applications (No Type Date) : US 95401778 A 19950310 
Patent Details: 

Patent No Kind Lan Pg Main IPC Filing Notes 
US 5589719 A 13 H05K-001/11 

Circuit for detecting completed connection of integrated circuit 
card i.e. PCMCIA type card to terminal... 

. . .power supply ramping circuit which prevents voltage spikes during card 
insertion/extraction and supply power detection circuit for receiving 
card insertion/extraction signals 

. . .Abstract (Basic) : The IC card circuit comprises a function 

generating circuit and a voltage ramping power supply (1230) for 
maintaining the proper sequencing of states when the IC card 
circuit is not connected to the host terminal unit. Two card detect 
sockets mate with detect pins of the host terminal connector , 
respectively. A card operating properly detector judges the ability 
of the portable IC card to function properly, responsive to the 
power supply and the function generating circuit... 

...Two transistors receive current into their base from the detect pins, 
respectively. Two impedance devices bias the collector of the 
transistors to the power supply. . . 

...terminal supplies power to the ramping power supply from the host 
terminal unit when the IC card is connected to the unit. A 
transistor is connected in series between the power input terminal and 
the internal power supply. A supply voltage detecting circuit 
receives the card insertion/extraction signal and the voltage of the 
ramping power supply. . . 

. . . USE /ADVANTAGE - Memory card, SRAM, DRAM, FLASH, EE PROM , EPROM , 
PROM , hard disk drive, I/O card, communication card, video card, bus 
controller card, sound card, multimedia card. Provides increase in 
functionality and reliability by multiple uses of card detect signal. 
No voltage spikes when card is connected/ disconnected . 
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[57] 



ABSTRACT 



The present invention discloses a novel card out of socket 
detector circuit for IC cards, especially PCMCIA type cards. 
Multiple uses of the card detect signal in the IC card 
interface are provided. The disconnection of system pins is 
detected and the generation of a card out of socket response 
signal is created. Such as in the case of high vibration when 
a connection is temporarily disconnected; A power supply 
ramping circuit is provided so that when the IC card is 
connected or disconnected from the host terminal unit there 
are no voltage spikes within the IC card which will corrupt 
the operation of certain types of memory particularly in the 
case of voltage supply sensitive battery backed DRAM IC 
cards. A power supply circuit is provided which is capable 
of boosting a voltage from a power source. A controlled 
transfer from a first removable battery to a second fixed 
rechargeable battery is also provided that does not create 
excessive voltage bumps. 

13 Claims, 4 Drawing Sheets 
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Different versions of the DRAM card can be offered. One 
that is to be used at room temperatures only, and another that 
can operate in a larger temperature range. The room tem- 
perature only, card would have lower power drain because 
the voltage booster would be disconnected. Tins feature 5 
could be incorporated into a single card by throwing an 
external switch. The feature to power manage the voltage 
booster could also be incorporated into the card, with some 
additional power drain for the control. The voltage booster 
is a small drain when it is in the static state anyway, 10 
approximately 2 uA. 

The comparator used in the voltage booster design could 
be replaced by the op-amp TLC251CD single that can go 
down to 1.4 volts. The TLC25L2CD dual and the 
TLC25L4CD quad could also be used. These parts have 15 
outputs that do not swing rail to rail: and therefore would 
require additional active components to provide the boosted 
voltage. 

Ultimately the easiest design would require the user to 
change the batteries in a powered up host But, an equally 20 
interesting design would be to have two primary batteries. 
One would be used only when the replaceable was out of the 
circuit. This could even be a small battery that could also be 
replaced. In fact, replace the small one first and the large one 
second. 25 

FIG. 12 shows one embodiment of the present invention 
illustrating the interactive operation between all the ele- 
ments.. The host computer 1201 is illustrated in general, 
showing common components typically associated with 
such a device. Power supply 1204 could be an external 30 
supply or a battery powered internal supply. CPU 1205 is 
connected to memory 1206, display monitor 1207 and 
keyboard 1208. Computer interface 1210 is a standard 
PCMCIA type interface having an array of pins which 
comply with the PCMCIA standards. Host computer 1201 is 35 
shown merely for illustration, and in no way should limit the 
scope of possible applications. 

The IC card 1202, which could be of the PCMCIA type, 
can be connected to host computer 1201 via card interface ^ 
1212. Card interface . 1212 comprises a plurality of sockets 
which mate with the corresponding pins of the host* s 
computer interface 1210. IC card 1202 includes a primary 
battery 1213 and a secondary battery 1214 as a power source 
when the IC card 1202 is not connected to host computer 
1201. Battery voltage detector 1215, as shown in FIG. 5, 
monitors the state of charge, of the batteries 1213, 1214. 

Host power is supplied via signal line 1220 to the host 
power supply detector 1221, as shown in FIG.. 4. This 
circuitry acts to recharge the primary 1213 and secondary 50 
1214 batteries, as well as, directing power supplied from the 
host 1201 into the voltage ramping circuit 1230, as shown in 
FIG. 3. Voltage ramping circuit 1230 supplies power directly 
to the power supply circuit 1235. This power supply circuit 
1235 is illustrated by FIG. 1. The IC card 1202 can function 55 
as a variety of devices. It could serve as a modem, external 
floppy drive, GPS transceiver or as an additional memory 
source. This memory could be volatile or non-volatile. The 
main functional block of the card is illustrated by numeral 
1240. The block 1240 identifies in general the specific $o 
circuitry to accomplish a given task, or a large block of 
memory. 

The card out of socket detection circuit 1250 is connected 
to the card interface 1212 by signal lines 1251 and 1252. The 
card out of socket detection circuit 1250 can include any one 65 
of the circuits illustrated in FIGS. 2, 7-11. Signal line 1251 
corresponds to the signal received from the CD1 pin/socket 



and signal line 1252 corresponds to the signal received from 
the CD2 pin/socket. As has been described, the card out of 
socket detection circuit 1250 can impress a given voltage on 
the CD1 and CD2 pins to simulate a specific condition. This 
voltage is impressed on the pins with the intent to control the 
IC card and the host computer. Tne signals received from 
signal lines 1251 and 1252 are also used by the card out of. 
socket detection circuit 1250 to control the power supply 
circuit 1235 and the host power supply detector 1221. When 
the IC card is removed, either on purpose.or by accident, the 
signals on lines 1251 and 1252 will be the first to respond. 
This "early warning** is used by the card out of socket 
detection circuit 1250 to switch power supply from the host 
1201 to the primary 1213 and/or secondary 1214 batteries. 
Signal line 1260 is used for data communication, control and 
power supply. Only one line 1260 is shown in the drawing 
for simplicity, but in practice there would be a plurality of 
connections between the power supply circuit 1235 and the 
card out of socket detection circuit 1250. 

Data signal lines 1270 connect the main memory/circuit 
1240 of IC card 1202 to the card interface 1212. These signal 
lines serve as the primary transmission path to transfer data 
between memory/circuit 1240 and . host computer 1201. 
Signal monitoring lines 1280 are connected to the data 
signal lines 1270. Signal monitoring lines 1280 allow the 
card out of socket detection circuit to monitor the condition 
and state of the data signal lines 1270. Data signals that can 
be monitored may include data, address, control signals and 
power. If one of the pins or sockets connected to the data 
signal lines has malfunctioned, due to vibration, dust par- 
ticles, etc., the card out of socket detection circuit 1250 can 
identity the fault and impress a false signal on one or both 
of the card detect signal lines 1251, 1252 to simulate a card 
out of socket , condition. 

The present disclosure includes that contained in the 
appended claims, as well as that of the foregoing descrip- 
tion. Although this invention has been described in its 
preferred form with a certain degree of particularity, it is 
understood that the present disclosure of the preferred form 
has been made only by way of example and that numerous 
changes in the details of construction and the combination 
and arrangement of parts may be resorted to without depart- 
ing from the spirit and scope of the invention. 

What is claimed is: 

1. An IC card circuit for a portable IC card selectively 
insertable and extractable from a host terminal unit thereby 
connecting and disconnecting the IC card circuit from the 
host terminal unit comprising, 

a function generating circuit, 

an internal power supply for applying a voltage to said 
function generating circuit to maintain the proper 
sequencing of states of said function generating circuit 
when the IC card circuit is not connected to the host 
terminal unit, 

a first card detect socket for mating with a first card detect 
pin of the host terminal connector, 

a second card detect socket for mating with a second card 
detect pin of the host terminal connector, 

a card operating properly detector for detecting the ability 
of the portable IC card to function properly, responsive 
to the state of said internal power supply and respon- 
sive to the state of said function generating circuit; 

a first transistor for receiving current into the base of said 
first transistor from the host terminal's first card detect 
pin, 

a first impedance means for biasing the collector of said 
first transistor to said internal power supply, 
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a second transistor for receiving current into the base of 
said second transistor from the host terminal's second 
card detect pin, 

a second impedance means for biasing the collector of 
said second transistor to said internal power supply, 5 

a logic element for outputting a card insertion and extrac- 
tion signal responsive to signals from the collectors of 
said first transistor and said second transistor, 

a power input terminal for supplying power to said 1Q 
internal power supply from said host terminal unit 
when the IC card is connected to said host terminal 
unit, 

a power switch connected in series between said power 
input terminal and said internal power supply, and 15 

a supply voltage detecting circuit for receiving said card 
insertion and extraction signal indicative of the con- 
nection with and disconnection from said host terminal 
unit and the voltage of said internal power supply for 
generating an output signal for the opening and closing 20 
of said power switch. 

2. The IC card circuit of claim 1 wherein said power 
switch is a transistor. 

3. The IC card circuit of claim 1 wherein said internal 
power supply comprises a voltage ramping power supply 25 
circuit. 

4. The IC card circuit of claim 1 wherein said internal 
power supply comprises a voltage step up/down power 
supply circuit 

5. The IC card circuit of claim 1 further comprising, 30 
a first controlled impedance means for selectively con- 
trolling current flow to the base of said first transistor, 
responsive to said card operating properly detector. 

6. The IC card circuit of claim 5 wherein said first 
controlled impedance means is an analog switch. 35 

7. The IC card circuit of claim 5 further comprising, 

a second controlled impedance means for selectively 
controlling current flow to the base of said second 
transistor, responsive to said card operating properly 
detector. 40 

8. The IC card circuit of claim 7 wherein said first 
controlled impedance means is an analog switch, and 
wherein said second controlled impedance means is an 
analog switch. 

9. The IC card circuit of claim 1 further comprising, 45 
a third controlled impedance means for selectively con- 
trolling current flow out of the emitter of said first 
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transistor, responsive to said card operating properly 
detector; 

a fourth controlled impedance mp^ng for selectively con- 
trolling current flow out of the emitter of said second 
transistor, responsive to said card operating properly 
detector. 

10. The IC card circuit of claim 9 wherein said third 
controlled impedance means is an analog switch, and 
wherein said fourth controlled impedance means is an 
analog switch. 

11. A portable IC card selectively insertable into and 
removable from a host computer interface of a host com- 
puter, thereby connecting and disconnecting the portable IC 
card from the host computer comprising, 

a main memory or primary circuitry portion which com- 
prises the main functional purpose of said portable IC 
card, 

a card interface for connection to said host computer 

interface, 
a host power supply detector circuit, 
a battery voltage detector circuit, 
a primary battery to supply power to said portable IC card 

when said portable IC card is not receiving power from 

said host computer, 
a power supply circuit, 

a plurality of data signal lines connected between said 
main memory or primary circuitry portion and said card 
interface and, 

a card out of socket detection circuit connected to said 
data signal lines, said card interface and said power 
supply circuit, 

said card out of socket detection circuit monitoring sig- 
nals received from said card interface and said data 
signal lines and, selectively outputting signals to said 
card interface and said power supply circuit for the 
purpose of controlling the operation of said portable IC 
card. 

12. The portable IC card of claim 11 where said card 
interface and said host computer interface are of the PCM- 
CIA type. 

13. The portable IC card of claim 11 further comprising, 
a voltage ramping circuit connected between said power 

supply circuit and said host power supply detector. 

* * * * » 
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Security module for secure comparison of an authentication code with one 
stored in memory has additional auxiliary registers in which randomly 
chosen data words are placed for use in. . . 

Abstract (Basic) : 

... is entered into some form of verifier with a code that is stored 

in secure memory . The device includes two extra auxiliary registers 
that are used with the main registers that the security code from 
secure memory and the code entered to be validated in a manner to 
prevent fraudulent discovery of... 

... first sum is then calculated using these random values. The 

respective words in the main memory registers are compared two by two 
and then one of the words of the auxiliary. . . 

...value equal to the first sum multiplied by the number of words in the 
main memory registers. When the two sums are equal the contents of 
the two main registers are... 

...Means for preventing fraudulent discovery of a security code by 
monitoring the current output from a verification device... 

...Use of extra auxiliary registers and random code generation means 
that the code cannot be inferred from the current output . . . 

. . . Figure shows a device for processing data from a portable security 
device such as a smart card 



. . . smart card ( 8 . . . 
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ABSTRACT 



The invention relates to a process for securely comparing 
two main storage registers, comprising defining an auxiliary 
storage register (A), calculating a first sum of the words 
composing the auxiliary storage register, comparing the 
words of the two main storage registers, randomly selecting 
one of the words of the auxiliary storage register, and 
modifying the value of the selected word by a first prede- 
termined value if said words of the main storage registers are 
identical, and modifying the value of said selected word by 
a second predetermined value if said words of the main 
storage registers are different, calculating a second sum 
(S A2 ) of the words of the auxiliary storage register, and 
modifying the second sum by a value equal to said first value 
multiplied by the number of words (n) of the main storage 
registers, and comparing said first and second sums (S A1 , 
$A2)- The invention also relates to the associated security 
module. 

7 Claims, 4 Drawing Sheets 
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PROCESS FOR SECURE COMPARISON OF 

TWO STORAGE REGISTERS, AND 
SECURITY MODULE IMPLEMENTING THIS 
PROCESS 

5 

FIELD OF THE INVENTION 

The invention relates to a process for the secure compari- 
son of two storage registers, and a security module imple- 
menting this process. 10 

DESCRIPTION OF RELATED ART 

The term "security module" should be understood either 
in its conventional sense, in which it designates a device 
whose purpose in a communication or information network 35 
is to be held by an authority supervising the network and to 
store, in protected fashion, secret and fundamental param- 
eters of the network such as cryptographic keys, or more 
simply, as designating a device allocated to various users of 
the network that allows each of them to have access to the 20 
latter, this latter device also being capable of holding secret 
parameters. The security module could take the form of a 
portable object of the chip card type. 

It is known that a hacker is capable of deducing certain 
information on the operations performed in a security mod- 25 
ule by carefully studying the electric current consumption of 
the security module. In particular, when it comes to the 
operation for comparing two storage registers, the hacker 
can try to study the evolution of this electric current and 
attempt to deduce from it the positive or negative result of 30 
this comparison. 

In the known art, the operation for comparing two storage 
registers, which is done by comparing two by two various 
words composing the registers, includes an operation for 
writing the result of each comparison performed between 
words: this write operation consists in a setting to 0 or to 1 
of a bit in an auxiliary register, as a function of the result of 
the comparison. This direct translation of the result into a 
setting to 0 or to 1 of a bit is susceptible to being discovered 
by a hacker. 40 

SUMMARY OF THE INVENTION 

The object of the invention is to offer a process for 
comparing two storage registers that does not involve a 
direct writing of the result of the comparison into an 45 
auxiliary register. To this end, the invention relates to a 
process for comparing two main storage registers, these 
registers comprising the same number of words, each having 
a value defined by several logical elements, characterized in 
that it comprises the steps consisting of: 0 
defining at least one auxiliary storage register comprising 
several words each having a value defined by several 
logical elements; 
setting the logical elements of the auxiliary storage reg- 55 

ister to random values; 
calculating a first sum of the values of the words of the 

auxiliary storage register; 
comparing two by two the respective words of the main 
storage registers, and for each comparison of two 60 
respective words, randomly selecting one of the words 
of the auxiliary storage register, and modifying the 
value of this word by a first predetermined value if said 
words of the main storage registers are identical, and 
modifying the value of this word by a second prede- 65 
termined value if said words of the main storage 
registers are different; 
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calculating a second sum of the values of the words of the 
auxiliary storage register, and modifying it by a value 
equal to said first value multiplied by the number of 
words of the main storage registers; and 

comparing said first and second sums, and in the event of 
equality, declaring that said main storage registers are 
identical, while in the event of inequality, declaring that 
said main storage registers are different. 

BRIEF DESCRIPTION OF THE DRAWINGS 

Other details and advantages of the present invention will 
emerge from the following description of a preferred but 
non-limiting embodiment, in reference to the attached draw- 
ings in which: 

FIG. 1 represents a data processing device that cooperates 
with a security module; 

FIG. 2 represents a variant of FIG. 1; 

FIG. 3 represents two main registers to be compared; 

FIG. 4 represents two auxiliary registers A and B used to 
compare the main registers; 

FIG. 5 represents a security byte used for comparing the 
main registers; 

FIG. 6 is a flow chart of the procedure for comparing the 
main storage registers and accordingly writing into the 
auxiliary registers A and B; 

FIG. 7 is a flow chart of the procedure for analyzing the 
result of the comparison of the main registers by means of 
the auxiliary registers A and B. 

DESCRIPTION OF THE PREFERENCE 
EMBODIMENTS 

FIG. 1 represents a data processing device 1 cooperating 
with a security module in the form of a portable object 8. 
The data processing device comprises, in a way that is 
known per se, a microprocessor 2 to which are connected a 
memory ROM 3 and a memory RAM 4, means 5 for 
cooperating, with or without physical contact, with the 
portable object 8, and a transmission interface 7 that allows 
the data processing device to communicate with a data 
communication network. The data processing device 1 can 
also be equipped with storage means such as diskettes or 
disks that may or may not be removable, entry means (such 
as a keyboard and/or a pointing device of the mouse type) 
and display means, these various means not being repre- 
sented in FIG. 1. 

The data processing device can be constituted by any 
computing device installed at a private or public site and 
capable of providing means for managing information or 
delivering various goods or services, this device being 
permanently installed or portable. It can also be a device 
dedicated to telecommunications. 

In addition, the portable object 8 carries a chip that 
includes information processing means 9, a nonvolatile 
memory 10, a volatile working memory RAM 14, and 
means 13 for cooperating with the data processing device 1. 
This chip is laid out so as to define, in the LS memory 10, 
a secret area 11 in which information, once recorded, is 
inaccessible from outside the chip and only accessible to the 
processing means 9, and an accessible area 12 that is made 
accessible from outside the chip through the microprocessor 
9 for reading and/or writing information. Each area of the 
nonvolatile memory 10 can comprise a part that is not 
modifiable ROM and a part that is modifiable EPROM, 
EEPROM or constituted by a RAM of the "flash" type or a 
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FRAM (the latter being a ferromagnetic RAM), i.e, having 
the characteristics of an EEPROM but with access times 
identical to those of a conventional RAM. 

For the chip, it is possible to use a self-programmable 
microprocessor with a nonvolatile memory, as described in 5 
U.S. Pat. No. 4.382.279 in the name of the Applicant. As 
indicated in column 1, lines 13-25 of this patent, the 
self-programmable feature of the chip corresponds to the 
capability for a program fi located in a ROM to change 
another program fj located in a programmable memory into i° 
a program gj. In a variant, the microprocessor of the chip is 
replaced — or at least supplemented — by logic circuits 
installed in a semiconductor chip. In essence, such circuits 
are capable of performing calculations, particularly authen- 
tication and signature calculations, as a result of their 15 
hardwired, rather than microprogrammed, logic. They can 
particularly be of the ASIC ("Application Specific Integrated 
Circuit") type. Advantageously, the chip will be designed in 
monolithic form. 

A variant of FIG. 1 is illustrated in FIG. 2, in which the 20 
data processing device 16 comprises, in addition to the 
elements of the data processing device 1 of FIG. 1, those of 
the portable object 8 disposed in a security module 15, the 
elements common to both FIGS. 1 and 2 having the same 
references. However, the cooperation means 5, 13 of FIG. 1 25 
are replaced by a permanent link between the microproces- 
sor 2 and the microprocessor 9. 

According to a variant of FIG. 2, the data processing 
device is constituted by the security module 15 of FIG. 2 
itself. 30 

FIG. 3 represents two main storage registers of the 
volatile memory RAM 14 of the above-mentioned security 
module, each comprising the same number of n words 
constituted by (typically eight) bytes, marked (1, 2, ... , 35 
i, . . . n). One of the two registers is a reference register that 
temporarily stores a reference value such as, for example, a 
user code or PIN (Personal Identification Number) or a 
signature or any other readable quantity, saved in nonvolatile 
memory 10 and making it possible to perform an authenti- 4Q 
cation. As for the other register, it is a register to be verified 
by comparison with the reference register; it contains a 
quantity generally received from outside the security mod- 
ule. 

The volatile memory RAM 14 also contains (FIG. 4) two 45 
auxiliary registers A, B, each comprising a certain number of 
bytes (typically the same number as for the main registers), 
marked (1, 2, . . . , j A , . . . , ) and (1, 2, . . ., \ B . . . p). These 
registers will be used to record the result of the comparison 
between the main storage registers, as explained in reference 50 
to FIG. 6. 

The volatile memory RAM 14 also contains (FIG. 5) a 
security byte comprising two significant bits x and y. The 
value of the bit x defines, as explained in reference to FIG. 
6, one of two ways of translating an equality between the 55 
two main storage registers. The value of the bit y defines 
which of the two auxiliary registers A and B will actually be 
used to obtain the result of the comparison between the main 
storage registers. 

The process for comparing the reference register and the 60 
register to be verified will now be explained in reference to 
FIG. 6. First of all, the security byte is generated randomly 
using a known random number generator provided in the 
hardware or software of the security module (step 61). The 
two auxiliary registers A and B are also generated randomly 65 
(step 62). Next, a first sum S_4j of all the bytes of the 
auxiliary register A and a first sum S B1 of all the bytes of the 
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auxiliary register B are calculated (step 63). An index i 
defining the position of a current byte of the reference 
register or of the register to be verified is set to 0 (step 64), 
then 1 is added to this 5 index (step 65). i is then compared 
to the total number n of bytes of these registers (step 66): if 
i is not greater than n, two indices and ] B are generated 
(step 67), ) A being between 1 and m and j B being between 1 
and p, respectively corresponding to the position of a current 
byte of the auxiliary register A and to the position of a 
current byte of the auxiliary register B. 

The two bytes in the i position of the reference register 
and of the register to be verified are then compared (step 68). 
Then, the value of the bit x of the security byte is determined 
(step 69). Let us first consider the case where x is different 
from 1, i.e., has the value 0. In step 70, it is first determined 
whether there is equality between the two bytes in position 
i. If not (step 72), the byte with the index of the auxiliary 
register A is incremented by one unit and the byte with the 
index of the register B is decremented by one unit. If so 
(step 71), the inverse operations are performed, i.e., the byte 
with the index j A of the auxiliary register A is decremented 
by one unit and the byte with the index } B of the auxiliary 
register B is incremented by one unit. 

On the other hand, if in step 69, x equals 1, the inverse 
operations of those performed when x equals 0 are per- 
formed. In step 73, it is determined whether there is equality 
between the two bytes in position i. If not (step 75), the byte 
with the index \ A of the auxiliary register A is decremented 
by one unit and the byte with the index of the auxiliary 
register B is incremented by one unit. If so (step 74), the 
inverse operations are performed, i.e. the byte with the index 

of the auxiliary register A is incremented by one unit and 
the byte with the index ] B of the register B is decremented 
by one unit. 

At the end of any of the four steps 71 , 72, 74, 75, the 
process returns to step 65 to increase the index i by one unit; 
this is followed by a comparison of next two bytes of the 
reference register and of the register to be verified. Once all 
the bytes of these two registers have been compared, i 
becomes greater than n in step 66, which ends the procedure. 

The way in which the results obtained in FIG. 6 are used 
will be explained in reference to FIG. 7. First, the value of 
the bit y of the security byte is determined (step 81 ). If y is 
different from 1, the auxiliary register A will be used to find 
the result of the comparison between the two main registers, 
and the auxiliary register B will be ignored. To do this, the 
sum of the bytes of the auxiliary register A is again calcu- 
lated (step 82), which gives a second sum S A2 . Then, the 
value of the bit x of the security bit is determined (step 83). 
If x is different from 1, the value n is subtracted from the first 
sum S A1 of the bytes of the auxiliary register A (step 84), i.e. 
this sum is modified by the value (-n). This value (-n) is 
obtained by multiplying by the number n of bytes of the 
reference register the value by which the byte j A of the 
auxiliary register A was previously modified (see FIG. 6, 
step 71 ), or in this case (-l)x n«=(-n). Lastly, in step 85, the 
first and second sums S A1 and S A2 of the auxiliary register 
A are compared: an equality between these 10 sums indi- 
cates equality between the reference register and the register 
to be verified, while a difference between these two sums 
means that the reference register and the register to be 
verified are different. 

If, in step 83, x equals 1, the value n is added to the first 
sum S A1 of the bytes of the auxiliary register A (step 86), i.e., 
this sum is modified by the value (+n). This value (+n) is 
obtained by multiplying by the number n of bytes of the 



11/30/2005, EAST Version: 2.0.1.4 



